Reporting Server TLS 1.2 Support

SUMMARY: Add TLS 1.2 Support information to the user guide.

DOCUMENT: The next publication of the GVP 8.5 User's Guide will include these revisions.

CHAPTER: Chapter 14: Configuring the Reporting Server

SECTION: Reporting Server TLS 1.2 Support

Add a new section title "Reporting Server TLS 1.2 Support", and add the following information to the section:

TLS 1.2 MS SQL Server

Support of TLS 1.2 Connection between RS and RS Database (MS SQL Server) is validated for VP Reporting Server. The purpose of this section is to describe a simple configuration and environment setup.

The overall objective for supporting TLS 1.2 Connection for Reporting Server and Reporting Server database (MS SQL Server).

Prerequisite information for RS – RS DB (SQL Server) TLS 1.2 Connection Support=

Install and enable MS SQL Server to support TLS 1.2 version.
SQL Server's SSL certificate authority's certificate (CA certificate of SQLServer).
Use JRE 1.8 to have TLS 1.2 enabled by default.

Reporting Server Connecting SQL Server with TLS Encryption

For information on Reporting Server connecting SQL Server with TLS encryption, see this vendor documentation. Follow the procedures detailed in this vendor document, replacing the code samples as follows:

For trustServerCertificate property in a connection string:

hibernate.remote.url =
     jdbc:sqlserver://172.24.134.87:1433;sslProtocol=TLS;encrypt=true;trustServerCertificate=true;

For the trustStore and trustStorePassword properties in a connection string:

hibernate.remote.url =
jdbc:sqlserver://172.24.134.87:1433;sslProtocol=TLS;encrypt=true;trustServerCertificate=false;trustStore=/opt/genesys/gvp/VP_Reporting_Server_8.5/Certificates/cert_authority.jks;trustStorePassword=changeit

For the hostNameInCertificate property in a connection string:

hibernate.remote.url = 
jdbc:sqlserver://172.24.134.87:1433;sslProtocol=TLS;encrypt=true;trustServerCertificate=false;trustStore=/opt/genesys/gvp/VP_Reporting_Server_8.5/Certificates/cert_authority.jks;trustStorePassword=changeit;hostNameInCertificate=GEN-C7-87

Importing the Server Certificate to Client (Reporting Server) Trust Store

For information on importing the Server Certificate to Client (Reporting Server) Trust Store, see the section Importing the Server Certificate to Trust Store in this vendor documentation. After using the JAVA keytool utility that is installed with the JRE (as specified in the vendor documentation), create a Certificates directory on RS installed location and then execute the following queries:

Windows:

keytool -importcert -alias <ca-alias-name> -keystore <keystore-filename-withpath > -storepass <keystore-password> -file <ca-cert-filename> keytool -importcert -alias startcassl -keystore C:\Program Files\GCTI\gvp\VP Reporting Server 8.5\VP_ReportingServer_851\Certificates\cert_authority.jks -storepass changeit -file cert_authority.crt

Important

GEN-C7-87 is a SQL Server Host Name.

More details on Client connection to SQL Server are available at Microsoft JDBC Driver for SQL Server.

TLS 1.2 Support (Oracle)

Support of TLS 1.2 Connection between RS and RS Database (Oracle) is validated for VP Reporting Server. The purpose of this section is to describe a simple configuration and environment setup.

The overall objective is to support TLS 1.2 Connection for Reporting Server and Reporting Server database (Oracle).

Prerequisite information for RS – RS DB (Oracle) TLS 1.2 Connection Support

Install and enable Oracle to support TLS 1.2 version.
Oracle SSL certificate authority's certificate (CA certificate of Oracle).
Use JRE 1.8 to have TLS 1.2 enabled.

Reporting Server Connecting Oracle with TLS Encryption

Set the following system properties and use the below connection string in "hibernate.remote.url" for connecting with Oracle in TLS 1.2:

javax.net.ssl.trustStore
javax.net.ssl.trustStoreType
javax.net.ssl.trustStorePassword

hibernate.remote.url = jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))